* For Python 2:
$ python -c "import json, urllib2; print json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check'))['tls_version']"
* For Python 3:
$ python3 -c "import json, urllib.request; print(json.loads(urllib.request.urlopen('https://www.howsmyssl.com/a/check').read().decode('UTF-8'))['tls_version'])"
"the system Python shipped with MacOS does not yet support TLSv1.2 in any MacOS version;" (and notes on installing current Python 2.7 or 3.6 alongside the system version)
"Python's TLS implementation is falling behind on macOS is that Python continues to use OpenSSL, which Apple has stopped updating on macOS." It's unclear what the fix for this is going to end up being.
I was also surprised not to find this on the page. As I understand, it will vary not only across Python versions but also on systems where it's installed. A lot of fun is about to come, I think (especially from RHEL 6 where people are stuck with Python 2.6).
$ /usr/bin/python26
Python 2.6.9 (unknown, Dec 17 2015, 01:08:55)
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import json, urllib2
>>> json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check'))['tls_version']
u'TLS 1.2'
Uh, but it does have a "bad" rating for other reasons (looks like it supports some insecure cipher suites).
Linux localhost.localdomain 2.6.32-642.11.1.el6.x86_64 #1 SMP Fri Nov 18 19:25:05 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Python 2.6.6
TLS 1.2
Linux localhost.localdomain 3.10.0-514.2.2.el7.x86_64 #1 SMP Tue Dec 6 23:06:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Python 2.7.5
TLS 1.2
The software on the other hand would do quite well without a lot of organizations that do peripheral work and take the credit.
OpenSSL got TLSv1.2 support in version 1.0.1. Any older version of OpenSSL doesn't support TLSv1.2. That affects a number of platforms:
- the system Python on macOS, which links against the system OpenSSL (an anaemic 0.9.8zh)
- most of the older (pre-3.6) python.org releases on macOS, which have the same problem
- any Python on a Linux operating system with an older OpenSSL
So the backport needed is to backport a newer OpenSSL to the platform.
I mean, I know there's some old versions of Red Hat and co knocking about with 2.4 but you're probably better off to use your system package manager for those these days.
However, even though I have configured my path variables so that it will use the macports openssl-files, the Python installer seems to link by default to the /usr/... openssl-files.
I've tried re-installing Python quite a bit (with the installer and building it from source; the latter failed with some obscure error I wasn't able to resolve), so I was wondering whether there are any better options. Upgrading via homebrew seems simple enough, but due to using macports, I'd rather not use homebrew. Furthermore, I am a bit reluctant to use the macports-python, but might do that if you were to suggest to me that this is the only viable solution.
I'd be happy to hear your suggestions on this!
I also have homebrew on the system, but not used in this case. Is there any reason not to use anaconda on Mac?
Part of this library is a TLS implementation that uses SecureTransport on OS X. If someone is inclined to get requests (and pip, etc) running on the system Python on OS X, it should be possible with the guidance outlined at https://github.com/wbond/oscrypto/issues/10. Unfortunately, it isn't something I have time to work on right now.
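As an added example (not code from any commenter or from the projects mentioned), the OpenSSL 1.0.1 threshold cited in the thread can be checked locally, without contacting howsmyssl.com, from the library banner that Python exposes as ssl.OPENSSL_VERSION. The function names and sample banners are assumptions made for illustration, and the LibreSSL branch goes beyond what the thread covers.

```python
import re
import ssl

# Per the thread: TLSv1.2 support arrived in OpenSSL 1.0.1.
MIN_OPENSSL = (1, 0, 1)


def parse_banner(banner):
    """Split a banner shaped like ssl.OPENSSL_VERSION into (library, (x, y, z))."""
    m = re.match(r"(OpenSSL|LibreSSL)\s+(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("unrecognised TLS library banner: %r" % (banner,))
    return m.group(1), tuple(int(part) for part in m.group(2, 3, 4))


def library_supports_tls12(banner):
    """True if the library named in the banner can negotiate TLSv1.2."""
    library, version = parse_banner(banner)
    if library == "LibreSSL":
        # LibreSSL was forked from OpenSSL 1.0.1g, so every release has TLSv1.2.
        return True
    return version >= MIN_OPENSSL


def interpreter_report():
    """Describe the running interpreter's TLS backend without network access."""
    try:
        library_ok = library_supports_tls12(ssl.OPENSSL_VERSION)
    except ValueError:
        library_ok = None  # backend other than OpenSSL/LibreSSL: undecided
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "library_ok": library_ok,
        # Whether this ssl module can pin TLSv1.2 explicitly. Older Pythons
        # (such as the 2.6 session in the thread) lack the constant but still
        # negotiate TLSv1.2 through the default method if the library allows.
        "can_pin_tls12": hasattr(ssl, "PROTOCOL_TLSv1_2"),
    }


# Constructed sample banners; only the 0.9.8zh version is from the thread.
SAMPLES = ["OpenSSL 0.9.8zh", "OpenSSL 1.0.1e-fips", "LibreSSL 2.6.5", "OpenSSL 3.0.2"]

if __name__ == "__main__":
    for banner in SAMPLES:
        print("%-22s TLSv1.2 capable: %s" % (banner, library_supports_tls12(banner)))
    print(interpreter_report())
```

Run it with each interpreter on the machine (system, python.org, MacPorts, Anaconda) to see which OpenSSL each one is actually linked against.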